Etsy

Over 1.6 million files containing personally identifiable information, such as full names, home addresses, email addresses, and shipping order details, have been discovered online. These files, allegedly belonging to customers of Etsy, Poshmark, and TikTok Shop, were found in two unsecured Azure Blob Storage containers. The exposure puts customers at risk of social engineering attacks and potential financial loss. The origin of the datasets is unknown, but it is suspected to be from a Vietnamese-based embroidery service. The risk includes cybercriminals impersonating trusted shipping providers or Etsy itself to deceive victims into revealing personal details or making payments.

Source: https://www.techradar.com/pro/security/massive-data-leak-exposes-1-6-million-etsy-and-other-tiktok-shop-customer-details-heres-what-we-know

TPRM report: https://scoringcyber.rankiteo.com/company/etsy

"id": "ets1001052925",
"linkid": "etsy",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'E-commerce',
                        'name': 'Etsy',
                        'type': 'Online Shopping Platform'},
                       {'industry': 'E-commerce',
                        'name': 'Poshmark',
                        'type': 'Online Shopping Platform'},
                       {'industry': 'E-commerce',
                        'name': 'TikTok Shop',
                        'type': 'Online Shopping Platform'}],
 'attack_vector': 'Unsecured Azure Blob Storage containers',
 'data_breach': {'file_types_exposed': ['HTML'],
                 'number_of_records_exposed': '1.6 million',
                 'personally_identifiable_information': ['Full Names',
                                                         'Home Addresses',
                                                         'Email Addresses'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Full Names',
                                              'Home Addresses',
                                              'Email Addresses',
                                              'Shipping Order Details']},
 'description': 'Over 1.6 million files have been discovered online by '
                'researchers, allegedly belonging to Etsy, Poshmark, and '
                'TikTok Shop customers. These files contained personally '
                'identifiable information such as full names, home addresses, '
                'email addresses, and shipping order details.',
 'impact': {'data_compromised': ['Personally Identifiable Information',
                                 'Shipping Order Details'],
            'identity_theft_risk': 'High'},
 'initial_access_broker': {'entry_point': 'Unsecured Azure Blob Storage '
                                          'containers',
                           'high_value_targets': ['Etsy',
                                                  'Poshmark',
                                                  'TikTok Shop']},
 'post_incident_analysis': {'root_causes': 'Unsecured cloud storage'},
 'recommendations': ['Regularly check for data breaches using services like '
                     'Have I Been Pwned',
                     'Monitor accounts, statements, and transactions',
                     'Report suspicious activity to your bank or credit card '
                     'provider'],
 'references': [{'source': 'CyberNews'}, {'source': 'TechRadar Pro'}],
 'title': 'Data Leak of Etsy, Poshmark, and TikTok Shop Customers',
 'type': 'Data Leak',
 'vulnerability_exploited': 'Unsecured cloud storage'}